In last week’s blog, we discussed why critical infrastructure is a prime target. To recap, targeted attacks on critical infrastructure will continue to occur because of the political and economic ramifications that follow an incident; political, economic and financial motives all drive attacks of this nature.
Truth #3: No organization – critical infrastructure providers included – can keep up with the onslaught of new cyberattacks and APTs.
With connectivity comes access. This blunt fact has forced critical infrastructure providers, like any other sufficiently large enterprise, to assume that someone, somewhere has already compromised their networks. Accordingly, providers have to address the same IT security challenges as other targeted organizations, as well as their own specific challenges.
Providers face adaptive attackers who customize attacks to individual targets, using specially crafted malware that never trips traditional IT security technologies that depend on prior knowledge of a threat (antivirus signatures, hash blacklists and the like), because a sample built for one target has never been seen before. They prefer tools that evade detection at the perimeter, exploit desktop application vulnerabilities and lean on social engineering. These attackers modify their methods to circumvent whatever countermeasures their targets implement. They also rely on multi-point attacks across several hosts and entry points, betting that targets watch each system in isolation and never assemble the whole enterprise picture of what is really happening.
In addition to creating such individualized, stealthy attacks, attackers also have incredible volume and diversity of attacks on their side. Malware has mushroomed into a multi-billion dollar criminal industry, growing from fewer than 1 million samples a year in 2007 to more than 100 million a year in 2012. In fact, 2012 will see more malware created each month than in the entire 25 years from 1982 to 2007.
Against this scale of attack, enterprises that focus solely on preventing infection are playing a losing game, because attackers’ options for infiltration are almost limitless. Enterprises therefore need cost-effective, scalable post-intrusion detection: the ability to spot an intruder’s activity after the initial compromise, without having seen that intruder’s tools before. Where an organization does have an internal security team, that team is often small and relies on home-grown tools that are crude and cannot scale; managed services can offer scalable, automated detection that helps offset the cost for many organizations.
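The two points above, that a hash blacklist fails the moment a sample is customized per target, and that post-intrusion detection must work without prior knowledge of the tool and correlate across hosts, can be shown side by side. The following is an added example written for this post, not code from the original article or from any vendor mentioned in it. The "malware" bytes, host names and the connection log are all constructed, and the beaconing heuristic (flag a host/destination pair whose connection intervals are nearly constant, then look for destinations several hosts beacon to) is one simple post-intrusion check chosen for illustration, not a claimed product algorithm.

```python
import hashlib
import statistics
from collections import defaultdict

# ---- Part 1: a prior-knowledge control (hash blacklist) vs. a customized sample ----

# Constructed stand-in for a malware binary a vendor has already catalogued.
KNOWN_SAMPLE = b"MZ\x90\x00constructed-dropper-v1"
BLACKLIST = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def signature_match(sample: bytes) -> bool:
    """Flags a sample only if its hash is already on the blacklist."""
    return hashlib.sha256(sample).hexdigest() in BLACKLIST


def customize_for_target(sample: bytes, target_id: str) -> bytes:
    """Simulates the attacker rebuilding the tool per target (here by embedding
    a target tag). Any byte change yields a hash nobody has listed yet."""
    return sample + b"|" + target_id.encode()


# ---- Part 2: post-intrusion detection that needs no prior knowledge ----

# Constructed outbound connection records: (seconds since start, source host,
# destination). An implant on two hosts checks in with 203.0.113.7 roughly
# every 60 s; the remaining records are irregular, ordinary traffic.
CONNECTION_LOG = [
    (0, "hmi-01", "203.0.113.7"),
    (61, "hmi-01", "203.0.113.7"),
    (119, "hmi-01", "203.0.113.7"),
    (182, "hmi-01", "203.0.113.7"),
    (7, "eng-ws-3", "203.0.113.7"),
    (66, "eng-ws-3", "203.0.113.7"),
    (128, "eng-ws-3", "203.0.113.7"),
    (187, "eng-ws-3", "203.0.113.7"),
    (3, "hmi-01", "198.51.100.20"),
    (9, "hmi-01", "198.51.100.20"),
    (140, "hmi-01", "198.51.100.20"),
    (151, "hmi-01", "198.51.100.20"),
    (400, "hmi-01", "198.51.100.20"),
    (20, "eng-ws-3", "198.51.100.44"),
    (21, "eng-ws-3", "198.51.100.44"),
    (22, "eng-ws-3", "198.51.100.44"),
    (30, "plc-gw-2", "198.51.100.20"),
    (35, "plc-gw-2", "198.51.100.20"),
    (300, "plc-gw-2", "198.51.100.20"),
]


def beaconing_pairs(log, min_events=4, max_jitter=0.2):
    """Return {(host, dest): mean_interval} for host/destination pairs whose
    connection intervals are regular (population stdev / mean <= max_jitter).
    Regular check-ins are a behaviour, so the implant's hash never matters."""
    times = defaultdict(list)
    for t, host, dest in log:
        times[(host, dest)].append(t)
    found = {}
    for pair, ts in times.items():
        if len(ts) < min_events:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            found[pair] = mean
    return found


def enterprise_view(beacons, min_hosts=2):
    """Correlate across hosts: a destination that several hosts beacon to is a
    single campaign, which a per-host view would report as unrelated events."""
    by_dest = defaultdict(set)
    for host, dest in beacons:
        by_dest[dest].add(host)
    return {d: sorted(h) for d, h in by_dest.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    variant = customize_for_target(KNOWN_SAMPLE, "utility-a")
    print("blacklist catches known sample:", signature_match(KNOWN_SAMPLE))
    print("blacklist catches customized variant:", signature_match(variant))
    beacons = beaconing_pairs(CONNECTION_LOG)
    for (host, dest), interval in beacons.items():
        print(f"beaconing: {host} -> {dest} every ~{interval:.0f}s")
    print("enterprise view:", enterprise_view(beacons))
```

Run as a script, the blacklist matches the catalogued sample and misses the customized variant, while the behavioural check flags both hmi-01 and eng-ws-3 beaconing to 203.0.113.7 and the cross-host correlation ties them into one campaign. The thresholds (four events, 20% jitter, two hosts) are illustrative; real implants add jitter and longer sleep intervals, so a production check would need longer observation windows and more than one behavioural signal.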
Next week, we’ll discuss ways critical infrastructure providers can identify, contain and remediate digital vulnerabilities.